Can't get rid of Altnet

Archived from groups: microsoft.public.windowsxp.general (More info?)

Spybot and MS spyware keep finding this threat but don't remove it. Anyone
know how I can get rid of it.

Gord
12 answers Last reply
More about altnet
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Previously posted by Malke:

    "Altnet Removal Instructions


    Before you delete it, it must have it permission changed:


    Open the registry (Start->Run->regedit) and select the keys


    [HKEY_LOCAL_MACHINE\\Software\­\Altnet]
    [HKEY_LOCAL_MACHINE\\SOFTWARE\­\Altnet\\Dashboard]
    [HKEY_LOCAL_MACHINE\\SOFTWARE\­\Microsoft\\Windows\\CurrentVe­rsion\\App
    Management\\ARPCache\\AltnetDM­]
    [HKEY_LOCAL_MACHINE\SOFTWARE\M­icrosoft\Windows\CurrentVersio­n\SharedDLLs]
    \"C:\WINDOWS\Temp\Altnet\msvci­rt.dll\"=dword:00000001
    [HKEY_USERS\S-1-5-21-14627781-­1401277002-153983898-1006\Soft­ware\Microsoft\\Search
    Assistant\ACMru\5603]
    \"000\"=\"altnet\"
    [HKEY_USERS\S-1-5-21-14627781-­1401277002-153983898-1006\Soft­ware\Microsoft\Windows\Curre
    nt­Version\\Explorer\MenuOrder\\S­tart
    Menu2\Programs\Altnet]


    Start with the top folder which is Altnet and work down and follow these
    instruction to change the permission for all folders.


    Right click on Altnet then click on permission, click on add, click on
    advanced, click on find now, and look for your log on name and click on
    okay twice to get back to permissions for Altnet. Now, put a check mark
    in the boxes for allow after click on advanced, click on the tab for
    owner and highlight your log under \'change owner to\' and check the
    box that say\'s : \'Replace permission entries on all child objects
    with entries shown here that apply to child objects\\' and click on ok,
    click on apply and click ok. Continue the same for the rest of the
    folders listed.


    After the changing the permission, end the ?Altnet? process from the
    Task Manager (ctrl-alt-delete). Having successfully done this you
    should be able to delete the entire ?Altnet? folder."


    See if that does it for you. And of course you must be doing all this
    work in Safe Mode.
    --

    T.C.
    t__cruise@[NoSpam]hotmail.com
    Remove [NoSpam] to reply


    "Gord" <Gord@discussions.microsoft.com> wrote in message
    news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Gord wrote:

    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord

    A google search came up with this:
    http://www.spywareremove.com/removeAltnet.html

    There are other links too.

    --
    Rock
    MS MVP Windows - Shell/User
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Gord wrote:

    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord

    Gord, please don't post HJT logs here. There are forums for that
    purpose. I gave you some links on how to remove altnet.

    --
    Rock
    MS MVP Windows - Shell/User
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Checking for/Help with Hijackware
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://aumha.net/viewtopic.php?t=5878
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/data/prevention.htm
    http://inetexplorer.mvps.org/archive/tshoot.html
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    When all else fails, HijackThis v1.99.1
    (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
    It will help you to both identify and remove any hijackware/spyware. **Post
    your log to http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
    for expert analysis, not here.**

    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

    Gord wrote:
    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Do you have the current versions they should. Download, install, update and
    run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    to see it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Gord" <Gord@discussions.microsoft.com> wrote in message
    news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <U6qQe.385$Kk1.7@newssvr19.news.prodigy.com>, pcbutts1
    @seedsv.com says...
    > Ad-Aware
    > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >
    > Spybot search and destroy
    > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >
    > Ewido Security Suite Trial version
    > http://www.pcbutts1.com/downloads/ewidosetup.exe

    Don't trust downloads from sites that you don't know. Please download
    the software from the vendors sites so that you KNOW what you are
    getting and what it does - including the FAQ.

    You don't know anything about the above site and there is no support
    documents and no links to the vendors websites for you to view.

    Oh, and the person that owns the above sites has not provided any proof
    that he has permission to host the files against the information
    provided by the vendors.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Here is the log.
    Logfile of HijackThis v1.97.7
    Scan saved at 10:22:01 PM, on 8/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\GHOSTS~2.EXE
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\snmp.exe
    C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\PopUp Killer\PopUpKiller.EXE
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
    O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
    Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
    files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
    Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F33B84B4-9B35-0407-3C12-7ABB0397E43F} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
    files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton
    SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common
    Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program
    Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program
    Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec
    Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [QD FastAndSafe] C:\PROGRA~1\NORTON~2\NORTON~3\QDCSFS.exe
    /scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
    Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Lwinst Run Profiler]
    C:\PROGRA~1\Logitech\WINGMA~1\Lwinst.exe -d -l
    "C:\PROGRA~1\Logitech\WINGMA~1\Lwpevntm.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
    C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
    AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
    /background
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search &
    Destroy\SpybotSD.exe" /autocheck
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: EmpirePoker (HKLM)
    O9 - Extra 'Tools' menuitem: EmpirePoker (HKLM)
    O9 - Extra button: PartyPoker.com (HKLM)
    O9 - Extra 'Tools' menuitem: PartyPoker.com (HKLM)
    O9 - Extra button: Yahoo! Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: symsupportutil -
    https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
    O16 - DPF: Yahoo! Chat -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: Yahoo! Cribbage -
    http://download.games.yahoo.com/games/clients/y/it1_x.cab
    O16 - DPF: Yahoo! Euchre -
    http://download.games.yahoo.com/games/clients/y/et1_x.cab
    O16 - DPF: Yahoo! Pyramids -
    http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
    http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} -
    http://down.plaxo.com/down/release/instub.cab
    O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} -
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
    http://down.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
    Class) -
    http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
    Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client
    Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
    - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
    O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} -
    http://fdl.msn.com/public/chat/msnchat41.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio
    Conferencing) -
    http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
    Installation Engine) -
    http://office.microsoft.com/officeupdate/content/opuc2.cab
    O16 - DPF: {4BF7A372-9004-4CD5-9E91-1FDCC03CA8A9} (Eyeball Video Messaging
    Control) - http://imlive.com/chatsource/vmcontrol.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) -
    http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) -
    http://64.124.45.181/chaincast/proxy/CCMP.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
    Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
    http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37876.4434027778
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} -
    http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
    http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
    http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
    Information Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
    http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
    https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O18 - Protocol: bwh0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {5669BD86-996F-46A0-902C-8C9236B5E0EF} - C:\Program
    Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {5669BD86-996F-46A0-902C-8C9236B5E0EF} -
    C:\Program Files\Logitech\Desktop
    Messenger\8876480\Program\BWPlugProtocol-8876480.dll


    "pcbutts1" wrote:

    > Do you have the current versions they should. Download, install, update and
    > run all of the following.
    >
    > Ad-Aware
    > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >
    > Spybot search and destroy
    > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >
    > Ewido Security Suite Trial version
    > http://www.pcbutts1.com/downloads/ewidosetup.exe
    >
    > Microsoft Windows AntiSpyware (Beta1)
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    > If none of the above fixes the issue then download Hijack this, run it, save
    > a copy of the log file and cut and paste it back here to this group so that
    > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > to see it not them.
    >
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Gord" <Gord@discussions.microsoft.com> wrote in message
    > news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
    > > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > > know how I can get rid of it.
    > >
    > > Gord
    >
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Gord wrote:

    > Here is the log.
    > Logfile of HijackThis v1.97.7
    > Scan saved at 10:22:01 PM, on 8/30/2005
    > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    >

    <snip>

    Gord, HJT logs should _not_ be posted here. Here are some forums to
    post them.

    Forums to Interpret HijackThis Logs:

    http://www.spywareinfo.com/forums/
    http://forum.aumha.org/viewforum.php?f=30
    http://forums.tomcoyote.org/
    http://www.wilderssecurity.com/


    --
    Rock
    MS MVP Windows - Shell/User
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Agreed, Gord.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE, Shell/User, Security), AH-VSOP

    Rock wrote:
    > Gord wrote:
    >
    > > Here is the log.
    > > Logfile of HijackThis v1.97.7
    > > Scan saved at 10:22:01 PM, on 8/30/2005
    > > Platform: Windows XP SP2 (WinNT 5.01.2600)
    > > MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    > >
    >
    > <snip>
    >
    > Gord, HJT logs should _not_ be posted here. Here are some forums to
    > post them.
    >
    > Forums to Interpret HijackThis Logs:
    >
    > http://www.spywareinfo.com/forums/
    > http://forum.aumha.org/viewforum.php?f=30
    > http://forums.tomcoyote.org/
    > http://www.wilderssecurity.com/
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Gord I never seen your log Repost it right here again. Ignore rock.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Gord" <Gord@discussions.microsoft.com> wrote in message
    news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
    > Spybot and MS spyware keep finding this threat but don't remove it. Anyone
    > know how I can get rid of it.
    >
    > Gord
    >
  11. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Also use this current version, yours is outdated.

    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "pcbutts1" <pcbutts1@seedsv.com> wrote in message
    news:TTuRe.76$pt.5@newssvr29.news.prodigy.net...
    > Gord I never seen your log Repost it right here again. Ignore rock.
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Gord" <Gord@discussions.microsoft.com> wrote in message
    > news:DA597BE0-F8F9-469D-8E35-3FDB2C1A372A@microsoft.com...
    >> Spybot and MS spyware keep finding this threat but don't remove it.
    >> Anyone
    >> know how I can get rid of it.
    >>
    >> Gord
    >>
    >
    >
  12. Archived from groups: microsoft.public.windowsxp.general (More info?)

    In article <TTuRe.76$pt.5@newssvr29.news.prodigy.net>, pcbutts1
    @seedsv.com says...
    > Gord I never seen your log Repost it right here again. Ignore rock.

    The nice people from Spybot Search & Destroy, their legal department,
    actual contact name of "Kai Pohl" are looking into your hosting of their
    files without permission and without credit being given to them. You can
    reach him at legal@spybot.info

    And posting of HJ logs to non-HJ forums/groups is not acceptable.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
Ask a new question

Read More

Spybot Microsoft Spyware Windows XP